Overview
This document provides an overview of the major features that will be available in the upcoming releases and deprecated features of Agents.
What’s coming
RSA is committed to delivering high-quality products that offer a seamless experience to its customers. As part of this commitment, RSA is developing new versions of its Agents that will provide enhanced features and functionality. The upcoming Agents are:
- RSA MFA Agent 9.0 for PAM
- RSA MFA Agent 3.0 for Microsoft AD FS
- RSA MFA Agent 3.0 for Citrix Agent
These Agents are expected to be released soon and will provide customers with more options and flexibility for securing their resources with RSA.
Note: UDP mode is not supported in upcoming agents, and you cannot use both UDP and REST modes on the same machine. For more information, see Deprecated feature section below.
What’s new
RSA is excited to announce the upcoming release of agents with major features that include:
Authentication Manager failover support and load balancing improvements: One of the biggest advantages that RSA offers to its Hybrid customers is Hybrid High Availability. This feature uses an Authentication Manager failover mechanism that automatically balances the load between Authentication Manager primary and replica servers, reducing the single point of risk failure for our Hybrid customers. Whether the failure occurs in the cloud or on-premises, RSA Hybrid High Availability can handle it all.
Code-to-match enhancements: Organizations can use the code-to-match feature to enhance security and prevent MFA Fatigue attacks. This feature adds a code confirmation to the push notifications. RSA is making this feature available to all commercial customers (not just FedRAMP).
Third-party library: Updating third-party library dependencies can enhance security, resolve compatibility issues, and fix bugs.
Rebranding and terminology changes: RSA is gradually introducing a new consistent and standard terminology across all products and platforms. This also reflects brand value and builds customer trust and clarity among internal stakeholders.
Deprecated feature
UDP mode no longer supported in upcoming Agents: Authentication Agent for PAM 8.x, Authentication Agent for Microsoft AD FS 2.x, and Authentication Agent for Citrix 2.x support both UDP and REST protocol modes for communicating with RSA Authentication Manager. UDP mode is a legacy option that allows agents to use the UDP protocol and hardware OTP credentials for MFA. However, UDP mode is not supported in upcoming agents, and you cannot use both UDP and REST modes on the same machine with them.
Customers who are using the existing Agents in UDP mode must switch to REST mode. You can change the UDP protocol authentication mode to the REST protocol for RSA Authentication Manager or the Cloud Authentication Service.
Upcoming End of Primary Support Details
To know more about the EOPS details, refer to Product Version Life Cycle for SecurID - RSA Community.
Related Articles
RSA Authentication Manager 8.x SNMPGET error: No Such Instance currently exists at this OID Number of Views Steps to change the internal subnets in RSA Authentication Manager used for an embedded RSA Identity Router Number of Views How to configure High Availability (HA) on multiple RSA Authentication Agents for Citrix StoreFront with Risk Based Authen… Number of Views How to obtain the bundle logs from an RSA Cloud Authentication Service Identity Router Number of Views How to manually update the internal SHA-1 certificates used by earlier versions of Authentication Manager after upgrading … Number of Views
Trending Articles
RSA Authentication Manager 8.9 Release Notes (January 2026) Artifacts to gather in RSA Identity Governance & Lifecycle RSA MFA Agent 2.4.3 for Microsoft Windows Installation and Administration Guide RSA Authentication Manager 8.8 Setup and Configuration Guide RSA MFA Agent 2.3.6 for Microsoft Windows Installation and Administration Guide
